Re: [IPsec] IV in ESP packets for AES-CBC and AES-CTR methods

To: ss murthy nittala <ssmurthy.nittala at freescale.com>
Subject: Re: [IPsec] IV in ESP packets for AES-CBC and AES-CTR methods
From: Stephen Kent <kent at bbn.com>
Date: Mon, 11 May 2009 15:05:06 -0400
Cc: ipsec at ietf.org
Delivered-to: ipsec at core3.amsl.com
In-reply-to: <200905111404.n4BE4Nns002222 at az33smr01.freescale.net>
List-archive: <http://www.ietf.org/mail-archive/web/ipsec>
List-help: <mailto:ipsec-request@ietf.org?subject=help>
List-id: Discussion of IPsec protocols <ipsec.ietf.org>
List-post: <mailto:ipsec@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
References: <200905111404.n4BE4Nns002222 at az33smr01.freescale.net>

At 7:40 PM +0530 5/11/09, ss murthy nittala wrote:

Hi,
Is it required for IV to be randomly generated for each ESP packetin case of AES-CTR and AES-CBC methods?
AES-CTR:My understanding is that IV is to be generated randomly forthe first packet.For each new outgoing packet increment IV and useit.

Even for CTR mode, an explicit IV MUST be included with each packet,because the receiver does not know what method of counter valuegeneration the sender has elected to employ.


Steve

References:
- [IPsec] IV in ESP packets for AES-CBC and AES-CTR methods
  - From: ss murthy nittala

Prev by Date: [IPsec] I-D Action:draft-ietf-ipsecme-ikev2-redirect-09.txt
Next by Date: Re: [IPsec] Issue #107
Previous by thread: Re: [IPsec] IV in ESP packets for AES-CBC and AES-CTR methods
Next by thread: [IPsec] I-D Action:draft-ietf-ipsecme-ikev2-redirect-09.txt
Index(es):
- Date
- Thread

Re: [IPsec] IV in ESP packets for AES-CBC and AES-CTR methods

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.